'\" te
.\" Copyright 1987, 1989 by the Student Information Processing Board of the Massachusetts Institute of Technology.  For copying and distribution information,  please see the file kerberosv5/mit-sipb-copyright.h.
.\" Portions Copyright (c) 2006, Sun Microsystems, Inc.  All Rights Reserved
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH KTUTIL 1 "November 22, 2021"
.SH NAME
ktutil \- Kerberos keytab maintenance utility
.SH SYNOPSIS
.nf
\fB/usr/bin/ktutil\fR
.fi

.SH DESCRIPTION
The \fBktutil\fR command is an interactive command-line interface utility for
managing  the keylist in keytab files. You must read in a keytab's keylist
before you can manage it. Also, the user running the \fBktutil\fR command must
have read/write permissions on the keytab. For example, if a keytab is owned by
root, which it typically is, \fBktutil\fR must be run as root to have the
appropriate permissions.
.SH COMMANDS
.ne 2
.na
\fB\fBclear_list\fR\fR
.ad
.br
.na
\fB\fBclear\fR\fR
.ad
.RS 23n
Clears the current keylist.
.RE

.sp
.ne 2
.na
\fB\fBread_kt\fR \fIfile\fR\fR
.ad
.br
.na
\fB\fBrkt\fR \fIfile\fR\fR
.ad
.RS 23n
Reads a keytab into the current keylist. You must specify a keytab \fIfile\fR
to read.
.RE

.sp
.ne 2
.na
\fB\fBwrite_kt\fR \fIfile\fR\fR
.ad
.br
.na
\fB\fBwkt\fR \fIfile\fR\fR
.ad
.RS 23n
Writes the current keylist to a keytab \fIfile\fR. You must specify a keytab
file to write. If the keytab file already exists, the current keylist is
appended to the existing keytab file.
.RE

.sp
.ne 2
.na
\fB\fBadd_entry\fR \fInumber\fR\fR
.ad
.br
.na
\fB\fBaddent\fR \fInumber\fR\fR
.ad
.RS 23n
Adds an entry to the current keylist. Specify the entry by the keylist slot
number.
.RE

.sp
.ne 2
.na
\fB\fBdelete_entry\fR \fInumber\fR\fR
.ad
.br
.na
\fB\fBdelent\fR \fInumber\fR\fR
.ad
.RS 23n
Deletes an entry from the current keylist. Specify the entry by the keylist
slot number.
.RE

.sp
.ne 2
.na
\fB\fBlist\fR\fR
.ad
.br
.na
\fB\fBl\fR\fR
.ad
.RS 23n
Lists the current keylist.
.RE

.sp
.ne 2
.na
\fB\fBlist_request\fR\fR
.ad
.br
.na
\fB\fBlr\fR\fR
.ad
.RS 23n
Lists available requests (commands).
.RE

.sp
.ne 2
.na
\fB\fBquit\fR\fR
.ad
.br
.na
\fB\fBexit\fR\fR
.ad
.br
.na
\fB\fBq\fR\fR
.ad
.RS 23n
Exits utility.
.RE

.SH EXAMPLES
\fBExample 1 \fRDeleting a principal from a file
.sp
.LP
The following example deletes the \fBhost/denver@EXAMPLE.com\fR principal from the
\fB/etc/krb5/krb5.keytab\fR file. Notice that if you want to delete an entry
from an existing keytab, you must first write the keylist to a temporary keytab
and then overwrite the existing keytab with the temporary keytab. This is
because the \fBwkt\fR command actually appends the current keylist to an
existing keytab, so you can't use it to overwrite a keytab.

.sp
.in +2
.nf
example# \fB/usr/krb5/bin/ktutil\fR
    ktutil: rkt /etc/krb5/krb5.keytab
    ktutil: list
slot KVNO Principal
---- ---- ---------------------------------------
   1    8 host/vail@EXAMPLE.COM
   2    5 host/denver@EXAMPLE.COM
    ktutil:delent 2
    ktutil:l
slot KVNO Principal
---- ---- --------------------------------------
   1    8 host/vail@EXAMPLE.COM
    ktutil:wkt /tmp/krb5.keytab
    ktutil:q
example# \fBmv /tmp/krb5.keytab /etc/krb5/krb5.keytab\fR
.fi
.in -2
.sp

.SH FILES
.ne 2
.na
\fB\fB/etc/krb5/krb5.keytab\fR\fR
.ad
.RS 25n
keytab file for Kerberos clients
.RE

.SH ATTRIBUTES
See \fBattributes\fR(7) for descriptions of the following attributes:
.sp

.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE	ATTRIBUTE VALUE
_
Interface Stability	See below.
.TE

.sp
.LP
The command arguments are Evolving. The command output is Unstable.
.SH SEE ALSO
.BR attributes (7),
.BR kerberos (7),
.BR k5srvutil (8),
.BR kadmin (8)
